Full Disclosure mailing list archives
Re: Should nmap cause a DoS on cisco routers?
From: Dan Kaminsky <dan () doxpara com>
Date: Thu, 1 Jul 2010 18:38:55 +0200
And this is why BreakingPoint matters: Because, oh man, network people let manufacturers get away with shipping some really fragile code. If a Windows desktop fell over because you looked at it funny -- and lets be honest, nmap -sV is quite literally, looking at something funny -- it'd be an unambiguous remote DoS and we'd laugh at Microsoft if they said we should deploy best practices to deal with it. Now, if the networking equipment in question was a $75 Linksys router, sure. There's a million ways to knock those things over, and you get what you pay for. But genuinely expensive gear? Some of that budget needs to start going into resiliency. On Thu, Jul 1, 2010 at 1:07 PM, Dobbins, Roland <rdobbins () arbor net> wrote:
On Jul 1, 2010, at 5:23 PM, Thierry Zoller wrote:If a device crashes when being scanned - it's a vulnerability.It sounds to me as if what happened was that he ended up driving the CPUs of the devices in question to 100%, and they stopped handling control-plane traffic and fell over. There are infrastructure self-protection best current practices (BCPs) which can be deployed to defend against infrastructure-targeted DoS. I've only seen this happen a few hundred times or so, so I could be wrong, of course. ;> As the original poster posited:Is this a configuration error of the networking devices?The answer is, almost assuredly, "Yes." ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Should nmap cause a DoS on cisco routers?, (continued)
- Message not available
- Re: Should nmap cause a DoS on cisco routers? coderman (Jul 08)
- Re: Should nmap cause a DoS on cisco routers? Florian Weimer (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Thierry Zoller (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Christian Sciberras (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Champ Clark III [Softwink] (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Michal (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? coderman (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Dan Kaminsky (Jul 01)
- Re: Should nmap cause a DoS on cisco routers? Benji (Jul 01)
- WiFi sniffing need to be connected? Vinicius Menezes (Jul 02)
- Re: WiFi sniffing need to be connected? Tyler Borland (Jul 02)
- Re: Should nmap cause a DoS on cisco routers? bk (Jul 09)
- Re: Should nmap cause a DoS on cisco routers? Dobbins, Roland (Jul 10)